Microsoft 365 Compromised Account

If a Microsoft 365 account has been compromised, fast containment and proper cleanup prevents repeat abuse and protects your organisation.

Common indicators

• Unexpected sign-ins from unfamiliar locations
• Inbox rules or forwarding created without approval
• Users reporting phishing “from you”
• Missing or moved emails

What I do

• Contain compromised accounts
• Remove malicious rules and persistence
• Review risky sign-ins and authentication gaps
• Apply practical tenant hardening
• Provide documented remediation notes